Tuesday, April 13, 2021
  • Setup menu at Appearance » Menus and assign menu to Top Bar Navigation
Advertisement
  • AI Development
    • Artificial Intelligence
    • Machine Learning
    • Neural Networks
    • Learn to Code
  • Data
    • Blockchain
    • Big Data
    • Data Science
  • IT Security
    • Internet Privacy
    • Internet Security
  • Marketing
    • Digital Marketing
    • Marketing Technology
  • Technology Companies
  • Crypto News
No Result
View All Result
NikolaNews
  • AI Development
    • Artificial Intelligence
    • Machine Learning
    • Neural Networks
    • Learn to Code
  • Data
    • Blockchain
    • Big Data
    • Data Science
  • IT Security
    • Internet Privacy
    • Internet Security
  • Marketing
    • Digital Marketing
    • Marketing Technology
  • Technology Companies
  • Crypto News
No Result
View All Result
NikolaNews
No Result
View All Result
Home Internet Security

This smart light bulb could leak your Wi-Fi password

February 1, 2019
in Internet Security
This smart light bulb could leak your Wi-Fi password
585
SHARES
3.3k
VIEWS
Share on FacebookShare on Twitter

A researcher has disclosed a set of vulnerabilities which could be exploited to steal Wi-Fi passwords belonging to LIFX smart lighting owners.

This week, a hacker going under the name “LimitedResults” revealed how smart LIFX lighting bulbs could be compromised to access everything from Wi-Fi credentials to root certificates.

You might also like

Billions of smartphone owners will soon be authorising payments using facial recognition

PayPal rolls out new fraud management tools for merchants

Ransomware: The internet’s biggest security crisis is getting worse. We need a way out

LimitedResults used the LIFX mini white as a test product, a $15.99 device which can be controlled via smartphone to change the temperature and dimness levels of lighting at home.

After installing the bulb’s accompanying app on an Android device and setting up the Wi-Fi connection, the researcher grabbed a saw to hack his way into the hardware within.

After exposing the innards of the bulb and wiping away fireproof paste, the hacker found that the main component of the bulb is an ESP32D0WDQ6 system-on-chip (SoC) manufactured by Espressif.

See also: Apple pulls the plug on Facebook’s internal iOS apps

It didn’t take long to solder a few pins to a board in order to connect to the LIFX hardware, and after this link was established, LimitedResults found that Wi-Fi credentials were stored in plaintext within the flash memory.

“A simple research into the binary file flash.bin using a hex editor or even string|grep command is enough to retrieve the Wi-Fi credentials,” the hacker said.

The second security issue that LimitedResults found was the overall lack of security measures set in place to protect the bulb’s hardware. The researcher was unable to find any secure boot, flash encryption, or any attempt to disable JTAG, a system used for debugging and testing Internet of Things (IoT) and embedded devices.

CNET: Colleges reportedly drop Huawei equipment to appease Trump administration

The worst security issue impacting the LIFX product, however, was to come. LimitedResults realized that the root certificate of the device and RSA private key were both made available in the light bulb’s firmware.

“I decided to stop the investigation after that,” the hacker said.

The vulnerabilities, which do require physical access to exploit, were first found in May 2018. LIFX failed to answer queries requesting a PGP key to disclose the findings for four months, and so a standard email was then sent by the researcher on 3 October. LIFX acknowledged the report a day later and requested a 150-day public disclosure deadline.

A 90-day disclosure timeline was then agreed upon.

TechRepublic: Why you should use a Managed Security Service Provider instead of in-house security

LIFX says the “moderate to high severity” vulnerabilities have all been addressed in automatic firmware updates released at the end of 2018. A spokesperson from the company said that the vulnerabilities were an “oversight” and leftovers from the development stage before internal systems were deemed acceptable for large-scale use.

“All sensitive information stored in the firmware is now encrypted and we have introduced extra security settings in the hardware,” the company says. “Customers can obtain the firmware update by opening their LIFX app and a firmware update prompt will be shown if they haven’t already updated their lights.”

Previous and related coverage

Credit: Source link

Previous Post

The Challenges to Tackle Before You Start With AI

Next Post

How young writers are busting into Hollywood with machine learning-fueled Wattpad

Related Posts

Billions of smartphone owners will soon be authorising payments using facial recognition
Internet Security

Billions of smartphone owners will soon be authorising payments using facial recognition

April 13, 2021
PayPal rolls out new fraud management tools for merchants
Internet Security

PayPal rolls out new fraud management tools for merchants

April 12, 2021
Ransomware: The internet’s biggest security crisis is getting worse. We need a way out
Internet Security

Ransomware: The internet’s biggest security crisis is getting worse. We need a way out

April 12, 2021
Washington State educational organizations targeted in cryptojacking spree
Internet Security

Washington State educational organizations targeted in cryptojacking spree

April 10, 2021
Critical Zoom vulnerability triggers remote code execution without user input
Internet Security

Critical Zoom vulnerability triggers remote code execution without user input

April 10, 2021
Next Post
How young writers are busting into Hollywood with machine learning-fueled Wattpad

How young writers are busting into Hollywood with machine learning-fueled Wattpad

Leave a Reply Cancel reply

Your email address will not be published. Required fields are marked *

Recommended

Plasticity in Deep Learning: Dynamic Adaptations for AI Self-Driving Cars

Plasticity in Deep Learning: Dynamic Adaptations for AI Self-Driving Cars

January 6, 2019
Microsoft, Google Use Artificial Intelligence to Fight Hackers

Microsoft, Google Use Artificial Intelligence to Fight Hackers

January 6, 2019

Categories

  • Artificial Intelligence
  • Big Data
  • Blockchain
  • Crypto News
  • Data Science
  • Digital Marketing
  • Internet Privacy
  • Internet Security
  • Learn to Code
  • Machine Learning
  • Marketing Technology
  • Neural Networks
  • Technology Companies

Don't miss it

Billions of smartphone owners will soon be authorising payments using facial recognition
Internet Security

Billions of smartphone owners will soon be authorising payments using facial recognition

April 13, 2021
Indian Brokerage Firm Upstox Suffers Data Breach Leaking 2.5 Millions Users’ Data
Internet Privacy

Indian Brokerage Firm Upstox Suffers Data Breach Leaking 2.5 Millions Users’ Data

April 13, 2021
Caruso real estate to accept Bitcoin as rent payment in industry first
Blockchain

Caruso real estate to accept Bitcoin as rent payment in industry first

April 12, 2021
AI, Machine And Deep Learning: Filling Today’s Need for Speed And Iteration
Machine Learning

AI, Machine And Deep Learning: Filling Today’s Need for Speed And Iteration

April 12, 2021
WOMEN IN A.I. ~ Future is Female
Neural Networks

WOMEN IN A.I. ~ Future is Female

April 12, 2021
Stumbling blocks to digital transformation: Monday’s daily brief
Digital Marketing

Stumbling blocks to digital transformation: Monday’s daily brief

April 12, 2021
NikolaNews

NikolaNews.com is an online News Portal which aims to share news about blockchain, AI, Big Data, and Data Privacy and more!

What’s New Here?

  • Billions of smartphone owners will soon be authorising payments using facial recognition April 13, 2021
  • Indian Brokerage Firm Upstox Suffers Data Breach Leaking 2.5 Millions Users’ Data April 13, 2021
  • Caruso real estate to accept Bitcoin as rent payment in industry first April 12, 2021
  • AI, Machine And Deep Learning: Filling Today’s Need for Speed And Iteration April 12, 2021

Subscribe to get more!

© 2019 NikolaNews.com - Global Tech Updates

No Result
View All Result
  • AI Development
    • Artificial Intelligence
    • Machine Learning
    • Neural Networks
    • Learn to Code
  • Data
    • Blockchain
    • Big Data
    • Data Science
  • IT Security
    • Internet Privacy
    • Internet Security
  • Marketing
    • Digital Marketing
    • Marketing Technology
  • Technology Companies
  • Crypto News

© 2019 NikolaNews.com - Global Tech Updates